#!/bin/bash
# The following may be heavily borrowed from, if not
# copied from, the NSA's December 20, 2007 "Guide to the
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title - Set Password Quality Requirements to be Stronger

#Initialize variables
export PRECHECK="grep -P 'password\srequisite\spam\_passwdqc\.so\smin=disabled,disabled,16,12,8' /etc/pam.d/system-auth"
export QUESTION="Would you like to increase the password strength for user accounts?"
export DESCRIPTION="The default pam cracklib PAM module provides strength checking for passwords. It performs a number of checks, such as making sure passwords are not similar to dictionary words, are of at least a certain length, are not the previous password reversed, and are not simply a change of case from the previous password. It can also require passwords to be in certain character classes."
export SOLUTION="sed -i -re 's/password\s+requisite\s+pam\_cracklib\.so\s+try\_first\_pass\sretry=3/password\trequisite\tpam\_passwdqc\.so\tmin=disabled,disabled,16,12,8/' /etc/pam.d/system-auth;"
